Windows XP Security - Advice needed

Discussion in 'PC and I.T support/Advice posts' started by E55BOF, Apr 25, 2014.

  1. E55BOF

    E55BOF Hardcore MB Enthusiast

    Messages:
    4,183
    Joined:
    Mar 11, 2013
    Location:
    South Bucks
    Car:
    S211 E500, S212 E63, XK convertible, FJR1300, Caponord, Yamaha Bulldog
    I'm quite content with my antiquated steam-age Dell computer running Windows XP; it does everything I need it to. I was very happy with Microsoft Security Essentials too; it worked for me. However, now that Microsoft is no longer supporting XP, how best can I keep the computer secure? I have taken a free trial of AVG for a month; it runs out in about a fortnight.

    I'm reasonably computer-literate, but I'm no geek/nerd. I'm sure there are those on here with the specialist knowledge to advise me on what to do to keep my computer virus and malware-free. Does anybody have any ideas, and would they care to share them?

    E55BOF
     
  2. jamesfuller

    jamesfuller Hardcore MB Enthusiast

    Messages:
    1,168
    Joined:
    Aug 14, 2013
    Location:
    Northamptonshire
    Car:
    The one that starts!
    I use Avira antivirus its free and works well. They also have a good website and assistance . I use Google chrome which is also pretty active in picking up a site with malware and warns you before you go onto it.
    Set up an admin user account with a password and use you own account set to restricted access for browsing.
     
  3. jamesfuller

    jamesfuller Hardcore MB Enthusiast

    Messages:
    1,168
    Joined:
    Aug 14, 2013
    Location:
    Northamptonshire
    Car:
    The one that starts!
    Worth noting that although I have no problems yet, I don't have interweb banking etc. I think if I was more up to date with stuff like that I would probably be a bit more anxious to upgrade!
     
  4. markmifsud

    markmifsud Hardcore MB Enthusiast

    Messages:
    2,044
    Joined:
    Nov 17, 2008
    Location:
    Bromley, London
    Car:
    CLK320 CAB (A208) 02
    For now at least, MS will still be providing updates to MSE. So theres no need to change your choice of AV. But be aware that there are no updates for any other security issues so be careful where you browse.

    I am not 100% sure what is going on with this, as MS has agreed that they will support XP in our business environment for a further year. Time will tell what level of support they will provide.
     
  5. OP
    OP
    E55BOF

    E55BOF Hardcore MB Enthusiast

    Messages:
    4,183
    Joined:
    Mar 11, 2013
    Location:
    South Bucks
    Car:
    S211 E500, S212 E63, XK convertible, FJR1300, Caponord, Yamaha Bulldog
    I don't do online banking either.

    I know XP is still being supported for businesses, but I thought Microsoft had stated quite unequivocally that support for MSE on my home computer has ended. I would be very happy to hear that this is not the case, but I suspect it is. Certainly I get a message every time I login that support has ended, but I can't recall offhand whether that refers to XP or MSE (and I'm not on my home computer at the minute, so cannot check.) Google Chrome is my browser too, and I remember seeing something somewhere to the effect that Google will continue to provide support, so far as they are involved, for XP systems' security until 2015.

    MSE has been unobtrusively effective, but AVG (of which I had a free version a couple of years ago) seems rather clunkier; it certainly seems to take longer to access t'interweb than when I was using MSE. Thinks.... I haven't actually deleted or deactivated MSE, so it may well still be doing its stuff so far as it can. Perhaps I should get rid of it?
     
    Last edited: Apr 25, 2014
  6. Sp!ke

    Sp!ke Administrator Staff Member

    Messages:
    12,234
    Joined:
    Jun 2, 2002
    Location:
    West London
    Car:
    SL500 & The Fart Car
    I think its only supported for businesses if you stump up the cash for it.
     
  7. markmifsud

    markmifsud Hardcore MB Enthusiast

    Messages:
    2,044
    Joined:
    Nov 17, 2008
    Location:
    Bromley, London
    Car:
    CLK320 CAB (A208) 02
    we are around 60,000 seats so you could be right. Still unsure as to the level of support though as my WUS has had no further XP updates.
     
  8. Peter DLM

    Peter DLM Hardcore MB Enthusiast

    Messages:
    2,274
    Joined:
    Aug 24, 2007
    Location:
    Milton Keynes
    Car:
    17 reg E220d AMG Estate, 17 reg Smart Prime, Caterham Levante and E92 M3.
    The cost for the extended XP support is immense. Few corporations are purchasing the option.

    There can't be that many large corps still left on XP anyway, if they are then their IT dept need shooting.
     
  9. gaz_l

    gaz_l Hardcore MB Enthusiast

    Messages:
    1,952
    Joined:
    Mar 12, 2006
    Car:
    SLK55, Lancia Ypsilon Twinair
    Have you considered Linux? If you're not dependent on a specific Windows program, it's pretty easy to swap, and Linux is nippy even on ancient hardware.

    I have an old machine under my desk running Ubuntu (I've heard Mint is pretty good as well). Both are free, and you can run them off a DVD or USB stick before installing them on the hard drive, just to see if you get on with them - Linux is a bit different if you're used to Windows.

    Cheers,

    Gaz
     
  10. markmifsud

    markmifsud Hardcore MB Enthusiast

    Messages:
    2,044
    Joined:
    Nov 17, 2008
    Location:
    Bromley, London
    Car:
    CLK320 CAB (A208) 02

    there are still a lot of legacy systems out there that will not run on anything newer. Also, the cost to upgrade from an oem install to a new OS are circa £130. This is a fair percentage of the cost of a replacement system so its not an option to take too lightly, more so when there are 1000's of systems involved. Look at any typical bank. A large percentage of their desktops will still be XP and the cost to just upgrade the OS will far outweigh any benefits, bearing in mind the back office desktops will not have access to Internet or even usb/cd so there are no security issues.

    I have a few XP systems left, most have been virtualised so that the legacy systems can be accessed via RDP.
     
  11. craig1912

    craig1912 Hardcore MB Enthusiast

    Messages:
    165
    Joined:
    Jun 20, 2011
    Car:
    C250 Sport
    work for a large plc (45000 employees) and won't have converted all pc's to 7 until September. Even with 7 we still have IE8!
     
  12. Spinal

    Spinal Hardcore MB Enthusiast

    Messages:
    4,787
    Joined:
    Sep 14, 2004
    Location:
    Uxbridge
    Car:
    Smart, S320 and C180 with 3-pointed stars amongst others
    Windows XP support for business is chargeable - our government has shelled our near £6m for an extra year of support while they move those systems onto newer platforms...

    Guys - let's face the facts. XP is a deprecated system. If you are connecting to the internet, there is very little that a home user can do do protect an XP system. It's like driving a car so old that no-one makes tyres for it anymore. For a brief period, you can continue using it as your daily commute, but in a short matter of time, it will become counterproductive.

    There are plenty of alternatives to XP, from free ones like Linux to Windows7/8. A new laptop running windows 7, with a performance score of 5 (not good enough for modern games, but plenty times more powerful than any machine that came with xp oem) can be had for £260 (I've just bought 25 of them to get a new team up and running).

    If - on the odd chance you do want to become a Model T owner, you need to be prepared for the bad as well as the good. If driving it as your daily commute, be prepared for websites that will stop looking right, as developers stop catering for older browsers. Applications like flash, will, in their own time, stop backwards compatibility. Security patches, not just for XP, but for applications that aren't supported on XP anymore, will stop being researched/made.

    This doesn't stop you from using the system, just makes your experience increasingly isolated.

    Then there's the whole security side of things. I wont go into the risks as I'm sure most people are aware of them. I will briefly discuss what a client of mine is doing to secure a set of XP machines until the redevelop their applications to run on 7.
    - installation of file integrity monitoring solution (this reports and blocks changes to certain critical files on the system))
    - installation of a host based intrusion prevention solution in addition to their existing network based one
    - log file monitoring (outsourced) to report on attempted and actual intrusions
    - moving all the XP systems to a separate zone on the network

    Now, they are probably a bit more risk averse to most home users; but if gives you an idea of the scale of the problem.

    M.
     
  13. OP
    OP
    E55BOF

    E55BOF Hardcore MB Enthusiast

    Messages:
    4,183
    Joined:
    Mar 11, 2013
    Location:
    South Bucks
    Car:
    S211 E500, S212 E63, XK convertible, FJR1300, Caponord, Yamaha Bulldog
    Thank you one and all, and Spinal, it's clear you know what you're on about (which is not to imply the others don't, I hasten to add).

    In essence, so long as it meets my needs, I'm quite content to stick with the good ol' Model T (sad, innit?). Eventually it will no longer do so, and then I will have to buy a new computer (cost is not an issue; change is. Basically, I can't be a***d unless I have to...).

    HOWEVER...

    Spinal, it seems to me that the implications of your post are that an internet security programme - probably the best free one recommended by Which?; that is how I ended up with MSE in the first place - will not provide the same sort of level of protection as MSE has been doing. Am I correct in thatassumption, or am I reading too much into it?
     
    Last edited: Apr 26, 2014
  14. Spinal

    Spinal Hardcore MB Enthusiast

    Messages:
    4,787
    Joined:
    Sep 14, 2004
    Location:
    Uxbridge
    Car:
    Smart, S320 and C180 with 3-pointed stars amongst others
    Yes and no. An alternative antivirus (free or paid; e.g. AVG, Norton, McAfee NOD32, etc) will meet the requirements that MSE has been meeting. If you listen to the various reports, (eg. VB100) a different one "beats" the other every month depending on the tests.

    That said, an antivirus isn't a silver bullet - we tend to advocate defense in depth approaches, to mitigate multiple threat vectors.

    Where on a maintained, patched, operating system, the ingress methods are more limited (e.g. files you download, vulnerable software, drive-by-downloads, etc)*; on an operating system that is not maintained and not patched you will be exposed to things like remote code execution, where the attacker doesn't need you do to anything other than have the computer on. They then target your IP address (a set of numbers or numbers/letters that is your virtual address on the net) on a specific port (like a door to a house) and can run arbitrary code.

    This is where people usually say "why would they target me?" I don't have any national secrets on my machine. I answer that with two answers:
    1- every computer is a target, and every individual is a target. Computers for raw processing power (from which you can launch further attacks, sell the computer to others, or do something as simple as mine bitcoins). Every individual is a target (symantec publish a report every 6 months with a price-list for personal data on the black market. This is data that gets bought and sold after being harvested from systems).
    2- You may not be a specific target, but automated systems are constantly scanning random/sequential IP addresses, and looking for vulnerable systems. Many of these tools will also have a library of automated attacks, so once kicked off - will scan and attack large batches of computers. When one is found, more often than not, these tools copy over a remote control utility, turning your machine into what is known as a "zombie". I.e. your computer continues to work almost as normal for you, but when the remote attacker needs your computer (usually along with thousands of others in a "zombie botnet") they can do so.

    It's not all doom and gloom. If I were in your shoes I would do one of two things.

    - get a good firewall. Ideally not host-based, but installed behind/on your router. Depending on your router, you can flash/install something like DD-WRT (a linux distribution that gives you a few almost-enterprise class features on cheaper home routers). Lock down windows XP's firewall. Do not use the admin account, but a second account with as few privileges as possible. Install something that does content scanning of websites as well as downloads (I think AVG does this, but is slow from what I remember). Swap to a new browser, and ensure the security settings there are a bit higher than normal. Be a lot more cautious of the sites you visit (avoid anything adult or warez/download in nature). Potentially manually restrict your router firewall ports to 80/443 (http/https) if that is all you use (happy to help with more info here). Don't do any online shopping/banking on that machine. Make sure you have a current backup of any files. I'm sure there are more, but it is Sunday morning and I haven't had any caffeine yet - and a lot of these you should be doing anyhow :p

    - Alternatively, I would move to windows 7 and give it a try. (the transition from XP to 7 isn't that bad, in fact it's quite a pleasant one. Just don't try 8...) If I really did like it, I would look at XP skins. This makes windows 7/8 (or even linux/mac in some cases) look almost identical to windows XP. Be weary though, there are a lot of trojan-laden fakes. The catch is, some of my old software may not work on a newer OS. Windows 7 does have an XP compatibility mode, which sometimes works. Pop into your local PC world type store (or friends house), and have a play on a Windows7 machine (if they still have any - sadly, I think they may only have 8 now) and see what you think. The change may pleasantly surprise you. I know I tried using an XP machine the other day, and found that I had gotten so used to hitting start and typing the first three letters of a program, that using a mouse to open a program felt slow and clunky.

    M.

    EDIT: Forgot to say - the key problem with giving any advice as to XP security is that we are trying to secure it against unknown potential threats which will appear. Whereby previously someone (Microsoft) kept an eye on new threats, fixed them and issued patches for these, now no-one is doing that. Undoubtedly as vulnerabilities are discovered CVE and the like will keep track of them, but no-one will be patching them. So one thing you will need to do is be on the lookout for new vulnerabilities, and then find ways to mitigate each threat every time.
     
    Last edited: Apr 27, 2014
  15. Peter DLM

    Peter DLM Hardcore MB Enthusiast

    Messages:
    2,274
    Joined:
    Aug 24, 2007
    Location:
    Milton Keynes
    Car:
    17 reg E220d AMG Estate, 17 reg Smart Prime, Caterham Levante and E92 M3.
    What is the major objection to upgrading to Windows 7? You're missing out on a pretty good system and a lot of very useful features.
     
  16. c63chris

    c63chris Hardcore MB Enthusiast

    Messages:
    846
    Joined:
    Mar 14, 2012
    Location:
    Sussex
    Car:
    SL63 + W205 C220d
    Depends what you are running. Not all software works on XP but not much. Personally I made the switch and it is worth it and IMHO a better OS.
     
  17. Piff

    Piff Hardcore MB Enthusiast

    Messages:
    1,756
    Joined:
    Feb 24, 2005
    Location:
    Suffolk
    Car:
    Mitsubishi L200 Barbarian, A207 E250CDi Cabriolet Sport, R171 SLK280
    Just done the upgrade to 8.1
    Tried installing an old photo editing program (which I only have the copied files for, not the proper install disc) - it failed.
    Fortunately have an old lappy with XP on so installed there & it will provide years more use so long as I don't connect to the interweb with it.
     
  18. OP
    OP
    E55BOF

    E55BOF Hardcore MB Enthusiast

    Messages:
    4,183
    Joined:
    Mar 11, 2013
    Location:
    South Bucks
    Car:
    S211 E500, S212 E63, XK convertible, FJR1300, Caponord, Yamaha Bulldog
    Spinal, thank you for taking the time to compose so comprehensive a reply. Food for thought indeed; it may be time for a change....

    I'm not fussed what OS I use, but I'm used to the way XP works; presentation, what icons to press, how to do things, and so on. Is Windows 7 (or 8) the same? I suspect not.

    I wonder how long before support for Windows 7 is withdrawn too?

    If I HAVE to change, I'm now thinking about an iMac Mini (yes, total change, I know!) with my existing keyboard, mouse and monitor. What does the team think?

    I have a nephew who is an IT bod, who could come and set it all up for me. Is there software out there that would enable me to have a screen presentation similar to XP?
     
    Last edited: Apr 28, 2014
  19. Sp!ke

    Sp!ke Administrator Staff Member

    Messages:
    12,234
    Joined:
    Jun 2, 2002
    Location:
    West London
    Car:
    SL500 & The Fart Car
    FWIW, the first XP zero day vulnerability is now out there. To be precise, it is an internet explorer vulnerability but for XP it wont be patched.

    As for moving to a Mac, all I can say is that it is a bit of a marmite platform. Some people are very enthusiastic about them and others like myself think that it is very mediocre and frustratingly restrictive.

    My advice would be to see if you can borrow something with a mac OS for a short period to get a feel for whether it is for you or not. For surfing and email I suspect you'll be fine, but if you spend much time using Microsoft office applications or have other software that you need that is designed for windows then you might find that you can't get by with a mac.
     
  20. Spinal

    Spinal Hardcore MB Enthusiast

    Messages:
    4,787
    Joined:
    Sep 14, 2004
    Location:
    Uxbridge
    Car:
    Smart, S320 and C180 with 3-pointed stars amongst others
    Windows 7 has until January 2020 at present:
    Windows lifecycle fact sheet - Microsoft Windows Help

    OsX is a bit of a love it or hate it OS. I worked with it for years, and quite like it in a home environment for the more technically impaired (like my parents who click on just about any popup on the internet).

    The downside with OsX is that it goes end-of-life MUCH faster than windows. Where XP had over 10 years, OsX "Tiger" had only 4 years of shelf-life before apple removed support for it.

    M.
     

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.